23.4.1 IMAP, POP, and HTTP Password Login

By default, internal users must submit a password to retrieve
their messages from Messaging Server. You enable or disable password login
separately for POP, IMAP, and HTTP services. For more information about password
login for POP IMAP, and HTTP Services, see 5.2.2 Password-Based Login.

User passwords can be transmitted from the user’s client software
to your server as cleartext or in encrypted form. If both the client and your
server are configured to enable SSL and both support encryption of the required
strength (as explained in 23.5.2 To Enable SSL and Selecting Ciphers), encryption occurs.

User IDs and passwords are stored in your installation’s LDAP
user directory. Password security criteria, such as minimum length, are determined
by directory policy requirements; they are not part of Messaging Server administration.